Please submit only technical tips that will help other TidBITS readers better use their Macs, iPhones, iPads, and related software and hardware. All product announcements should be sent to releases@tidbits.com.

Tip title*

Your tip*

URL

Enter the URL to a Web page that supports your tip.

Linked text

Enter the name of the page linked above.

Your name*

Your email*

* indicates required fields

To help us avoid automated posts and spam, please enter the words below.

When you submit a tip, you give us permission to use it. Read our terms for more details. All submissions are reviewed before publication.

Our terms: By submitting a tip, you agree to assign TidBITS Publishing Inc., a non-exclusive, worldwide, perpetual license to reproduce, publish, and distribute your tip in connection with the TidBITS Web site and associated products in any media. You agree that you created the content you submitted, and that you have the right to assign us this license. You give us permission to use your name, but your email address won't be publicly displayed or shared. We review all submissions before publication, and reserve the right to select which submissions we feel are appropriate for our readers and to edit those we publish.

Our terms: We reserve the right to edit or delete any comment, so please post thoughtfully. We use your email address only to send you a one-time verification message confirming that you posted this comment. We also store your address to allow you to verify using other Web browsers in the future. For more info, see our privacy policy.

iTunes Apps Tab in Landscape?

If your iPad is locked in landscape orientation when in the charging dock, apps in the Apps tab of iTunes will display in landscape orientation. (This also occurs when your iPad is not in the dock but connected to iTunes via the charging cable while in landscape orientation).

The Mystery of the Disappearing UDID

Every release of iOS comes with a healthy share of new features, updates, tweaks, and the inevitable accusation that Apple is up to no good.

Case in point, TechCrunch broke the news last week that the latest beta of iOS 5 begins to phase out developer functionality that can be used to track individual devices.

The rest of the Mac punditry machine quickly piled on, accusing Apple of trying to shut competitors out of the iPhone market and claiming that developers will no longer be able to provide users with services like scoreboards, personalized accounts, and goodness knows what else.

There seems to be general agreement, therefore, that this change (which Apple, true to form, made in the latest beta with little fanfare) is a Big Deal. There’s also a lot of confusion, however, on exactly what a UDID is, what it does, and why it is being discontinued.

UDID, What Art Thou? -- The term “UDID” is an acronym that stands for “Unique Device IDentifier.” It’s a unique 160-bit number that is calculated by iOS based on several hardware characteristics of a device; as its name implies, each iPhone, iPad, and iPod touch has its own UDID.

Apple uses UDIDs for a number of different purposes, including sending push notifications, managing ad-hoc provisioning (which is used by registered developers and enterprise users to distribute apps outside of the App Store), and so on.

Until now, the UDID has also been available to developers, who have traditionally used it whenever it has been necessary to track individual devices — for example, to provide scoreboards, or offer additional personalized services.

There is nothing wrong with this: the UDID is not a secret and cannot be used to steal any information from the user. In fact, Apple even provides a helpful support article that explains how you can find a whole alphabet soup of identifiers associated with your device.

Unfortunately, the fact that the UDID is available to every app without the user’s consent has led to an unexpected consequence: third parties, like ad networks, have been able to use it to track usage across multiple apps, thus breaking a primary tenet of iOS, that apps run in complete isolation from one another, in part to protect the user’s privacy.

Given how steadfastly Apple has defended this feature of its mobile operating system in the past, and the fact that the company has already been sued for “allowing” apps to provide information to advertisers, the fact that UDIDs are going the way of the dodo shouldn’t come as a big surprise.

What Is Apple Doing? -- In hindsight, in fact, Apple’s response to this problem has clearly been in the works for a long time. Over the past few years, the company has rolled out several services that aim at providing developers with alternatives to the types of features most likely to depend on UDIDs, like scoreboards and network gaming (Game Center), ads (iAds), and so on.

Apple is now preparing for the final strike: removing access to UDIDs to thwart those parties that have happily worked around iOS’s privacy model.

Because of the potential impact on so many developers, however, Apple is going about making this change in a deliberate manner. Contrary to several reports that have found their way on to the Web, Apple hasn’t “killed” developer access to UDIDs. Rather, they have simply “deprecated” the functionality, advising developers that it’s likely that it will be removed from a future version of the operating system. To put things in perspective, Mac OS X 10.7 still includes functionality that has been deprecated since 10.2 (although my feeling is that Apple will move much more quickly in this case).

In the immediate future, therefore, nothing has changed. UDIDs are still available to developers, and apps that depend on them will continue to function without problems.

What Happens when UDIDs Disappear? -- Think of this initial move as a call to action. Apple is telling developers that it will, sooner or later, make developer access to UDIDs go away.

Those who have needed access to UDIDs for reasons that Apple sees as legitimate are likely in for some work converting their apps to the appropriate technology provided by iOS, but should otherwise have no problem providing their users with uninterrupted service and no loss of data. As a bonus, the user experience connected with these services will be uniform, resulting in fewer headaches for both users and developers.

Interestingly, even those companies that make “inappropriate” use of UDIDs are unlikely to find themselves completely in the lurch. Since there are several well-established ways of identifying any device connected to the Internet, these developers should be able to continue offering their services without having to depend on an Apple-provided identifier.

Why the change, then? I think it likely stems from two desires on Apple’s part. The first is that UDIDs are highly specific: barring a mistake in Apple’s manufacturing process, these identifiers are guaranteed to be unique — unlike the information that can be gathered through the other methods that I mentioned above. Apple is likely worried about both the perceptual and legal liability of tacitly enabling apps that track users without user-granted permission.

This also leads to Apple’s second desire: Apple wants to tout iOS as the most secure and privacy-conscious mobile operating system on the market, bar none. If developer access to UDIDs enables app usage to be tracked without user knowledge, it’s that much more difficult for Apple to make that claim.

Finally, there is a third possibility: that Apple is, in fact, trying to block third parties from encroaching on the businesses that it intends to create around technologies like Game Center and iAds. It’s not inconceivable, but given that neither iAds nor Game Center seems to be a big money maker for the company, this seems like a rather weak argument.

Make friends and influence people by sponsoring TidBITS!Put your company and products in front of tens of thousands ofsavvy, committed Apple users who actually buy stuff.More information: <http://tidbits.com/advertising.html>

Comments about The Mystery of the Disappearing UDID(Comments are closed.)

All current iPhones have encryption built in that's based on a unique device certificate. Couldn't a developer encrypt the word "secret" using the device's private key, and use the result? It's not guaranteed unique, but the chance of a collision would be very low.

Apple could provide an API that does something similar. You basically need some token that is unique for each application+device, but where having a token doesn't tell you what other apps' tokens would be.

It seems that Apple could force developers out into the open by given access through another function that requires user granted privileges. They could also vet apps on their usage. The penalty could be something steep, like disbarment from the Apple store

Developers could always identify a user via login, and that's probably a better method anyway. I get a new iPhone, login, and you find me.

Advertisers liked the UUID because it was a way they knew that User "A" in Application B" is the same person as user "C" in application "D". Even better, they could track you even in software where you didn't log in.